cdc3e2164a9c6cd5fbb2ef96582490b610c59dea22efc5f2f7e6800a09ecc448

General

Target

cdc3e2164a9c6cd5fbb2ef96582490b610c59dea22efc5f2f7e6800a09ecc448
Size

401KB
MD5

82e4a628a626eef3f6ed502e875ad33e
SHA1

ad86565d4bd59763b92d0e824acdbdab32240d7d
SHA256

cdc3e2164a9c6cd5fbb2ef96582490b610c59dea22efc5f2f7e6800a09ecc448
SHA512

30d6bad5039de0b57a9b0ab52e746aae4d5deb5ae6cf133a2baa3e361fbe7f79b8e8a1430e2bc82eb8b9d6e5bbb6ac810020f7c8df9fc95322ac10d0e5d00ec4
SSDEEP

6144:0fsNhR7c3k7er0ggXqt8BJClDGZqdg0F0JANivsex6wAeX3dVH+ZV7GpEwH:tRc3zjeQsB0mJvkBu3dJqV7Gp

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
cdc3e2164a9c6cd5fbb2ef96582490b610c59dea22efc5f2f7e6800a09ecc448
unpack001/out.upx

Files

cdc3e2164a9c6cd5fbb2ef96582490b610c59dea22efc5f2f7e6800a09ecc448
.dll regsvr32 windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 1024KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 394KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1024KB

UPX1 Size: 394KB - Virtual size: 396KB

.rsrc Size: 6KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 28KB - Virtual size: 139KB

.tls Size: 8KB - Virtual size: 8KB

.rsrc Size: 35KB - Virtual size: 34KB

.reloc Size: 81KB - Virtual size: 80KB

UPX0
Size: - Virtual size: 1024KB

UPX1
Size: 394KB - Virtual size: 396KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 28KB - Virtual size: 139KB

.tls
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 35KB - Virtual size: 34KB

.reloc
Size: 81KB - Virtual size: 80KB